Computerized authorization system and method

ABSTRACT

A computerized authorization system configured to authorize electronically-made requests to an electronic entity. The computerized authorization system comprises a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize each electronically-made request. The computerized authorization system is further configured such that: in response to receiving an electronically-made request to the electronic entity, an indication of the request is output to the at least one predetermined electronic authorization device configured to authorize the request as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the request is output to the electronic entity.

CROSS REFERENCE TO RELATED APPLICATION

This application claims the benefit of U.S. application Ser. No.13/426,467, filed Mar. 21, 2012, the disclosure of which is herebyincorporated by reference herein in its entirety, including any figures,tables, or drawings.

FIELD OF INVENTION

Embodiments of the present invention relate to a computerizedauthorization system and method. Specific embodiments relate inparticular to a computerized authorization system and method used, forexample, for computer network security, financial transactions, andparental control.

BACKGROUND OF INVENTION

A wide variety of systems are available for conducting electronictransactions in a more or less secure manner over a telecommunicationslink or the like.

One example is electronic payment by credit or debit card, for example.Commercial practices, for example, are swiftly undergoing a changetowards completely electronic purchases and payment transactions. Byusing various payment terminals and debit or credit cards, paymenttransactions can be performed without handling hard cash at all.

When a user wishes to make a purchase in, for example, a retail storethe card is swiped through a card reader, and information relating tothe identity of the card, the identity of the retail store and the valueof the goods or services being purchased is transmitted to a remoteback-end computer network operated by the card issuer (such as acommercial bank or other financial institution). For furtheridentification and security purposes, the card user may be issued with apersonal identification number (PIN) and be required to enter his or herPIN into the card reader. The remote card processing system checks, forexample, that the user's card account contains sufficient funds orcredit to cover the proposed transaction, checks that the user's cardaccount is currently operational and then, after enforcing all theproper verifications, issues a confirmation signal back to the cardreader to indicate that the transaction may be authorized.

By providing an extra identification check by way of the PIN, thissystem helps to prevent fraud, but it is still not completely securebecause the PIN may be intercepted together with card identificationdata when being transmitted between the reader and the remote server. Ifthe thief is also able to obtain card identification details, forexample from a discarded till receipt or through conspiracy with thestore employee, it is a relatively simple matter to produce a fake cardincluding all the appropriate identification information for laterfraudulent use.

In another example, with the emergence and adoption of the Internet andrelated technologies, businesses are moving toward electronicintegration of supply and financial chains.

To improve the confidentiality of communications and commerce overnetworks, public key infrastructure (PKI) encryption systems have beendeveloped. Using PKI encryption, digital messages are encrypted anddecrypted using ciphers or keys. PKI systems attempt to provide a highlevel of security because messages can be decoded only by persons havingthe recipient's private key. However, it is well known in the industrythat a weakness of PKI technology is its susceptibility to theman-in-the-middle (MITM) attack.

A MITM attack is one in which a fraudster is able to read, insert andmodify at will, messages between two parties without either partyknowing that the communications path between them has been compromised.In order to implement the attack the attacker, which will typicallycomprise a software process rather than a person as such, must he ableto observe and intercept messages going between the two ‘victims’.

In order to avoid opportunities for interception, masquerading, MITMattacks, and other forms of electronic fraud, the industry had perceiveda need for enhanced authentication of the identity of a personinitiating an electronic transaction. In the prior art, a large numberof attempts have been made to increase system security this way. Thefollowing is a list of prior art disclosures, by way of example,targeting this approach.

U.S. Pat. No. 5,754,657 describes a process by which a message source isauthenticated by its location using GPS and appends a portion of thatraw signal to the data.

U.S. Pat. No. 5,757,916 discloses a technique by which raw satellitesignals from a source computer are transmitted to a remote server thatrequires authentication. A second source computer is employed that alsosends its raw GPS signals to the server.

U.S. Pat. No. 7,043,635 discloses a coded identification systemcomprising an electronic computer and a specific communications deviceto generate a volatile identification code by applying a mask code to apseudo-random string.

U.S. Pat. No. 7,231,044 discloses a digital authentication method usingthe delay between two timing signals emitted by the remote source of thetransaction.

U.S. Pat. No. 7,933,413 describes a system with a channel variationcomponent to facilitate a cryptographic key exchange betweenpeer-to-peer devices in a secure way.

U.S. Pat. No. 8,055,587 discloses a method for constructing a securetransaction that requires a value of an originating Internet Protocol(IP) address be encrypted and combined with an account passwordaccompanying authentication at a secure transaction web site.

In order to achieve its full potential, c-commerce must overcomenumerous security and related issues, including concerns relating tohacker attacks, merchant impersonation, fraud, and transactionrepudiation.

BRIEF SUMMARY

Embodiments of the present invention allow users or customers toexercise a more fine-grained control over the authorization of theirtransactions, independently and in addition to the typicalverifications, for example, those conducted by a debit or credit cardissuer.

Embodiments of the present invention increase the degree of security inonline transactions by, for example, mitigating the effects of MITMattacks and other forms of electronic fraud.

This is achieved by the embodiments of the method and system describedherein that intercept and authorize, in a collaborative manner, any sortof electronic activities conducted over a third party system enrolled ina centralized blocking alarm (CBA) program.

The following presents a simplified summary in order to provide a basicunderstanding of some aspects of the disclosed embodiments. This summaryis not an extensive overview and is intended to neither identify key orcritical elements nor delineate the scope of such embodiments. Itspurpose is to present some concepts of the described embodiments in asimplified form as a prelude to the more detailed description that ispresented later.

By way of example, in the computer system and computerized methoddescribed herein, the person or people who authorize anelectronically-made request to an electronic entity such as a debit orcredit card payment request to a bank, logging-on to a computer accountsuch as an e-mail account, social networking account, or bank accountmust input authorization from a particular predetermined or particularelectronic authorization device (such as a smartphone, computer (laptopor desktop), tablet computer or other suitable electronic device ormobile or portable electronic device). This is an additional securitystep. This arrangement puts responsibility on authorizingelectronically-made requests to the person or people who can make theauthorization. In this way, it is very clear to the person or peoplethat a fraudulent electronic request has been made.

Continuing with this example, on an electronically-made request beingmade, the computerized authorization system receives the request. (Therequest may also be sent to the electronic entity such as computers at abank, or computers at an internet service provider (ISP). However, thenthe request will automatically be paused or not carried out at theelectronic entity until authorization is received.) The computerizedauthorization system then sends an indication of this request (in theform of an electronic signal over the Internet or other network, forexample) to at least one predetermined electronic authorization deviceas indicated in a store (such as a hard disk drive or memory) of thecomputerized authorization system. That is to say, an electronic deviceto which the person or people who are authorized to authorize therequest have ready-available access and which is, typically,identifiable to them, such as their own computer or smart phone. Theauthorization is by a particular or predetermined device. Once theauthorization request is received at the electronic device, an alarm istypically initiated at the device. This may take the form of an audibleand/or visual indication being made on the user-interface or display ofthe electronic authorization device. The owner or user of the electronicdevice may then enter authorization of the request or vote typically byentering numbers and/or letters, for example a PIN (a 5-digit PIN isused by way of example). Once the correct authorization has been enteredan appropriate electronic signal is sent from the electronicauthorization device to the computerized authorization system. Onreceipt of this electronic signal, the computerized authorization systemsends an appropriate signal to the electronic entity (computers at abank, or computers at an internet service provider (ISP), for example)and the request is carried out (either the paused request at theelectronic entity is carried out or the request is sent to theelectronic entity and then carried out).

Embodiments of the present invention include a method and system fortemporarily blocking electronic activities and collecting furtherauthorization before deciding whether to conduct or abort the originalactivities, the method includes: the requirements enforced on the thirdparty service providers and the expected responses in their interactionwith the disclosed technique; the characteristics of the activitiesinvolved in the present invention, being mandatory the capability tointercept them, since the disclosed method is not intended to notify ofpast events but to control potential not-yet-occurred actions; thespecification of the requests to trigger an alarm, comprising, amongothers, the authorities to consult, the number of endorsements requiredand the time limit; the description of the voting mechanism and itsinherent ability to detect and report fraud; two different ways toconduct the resolution delivery process; and the capacity to deal withephemeral lacks of Internet access on the client side.

The example system is for alarm triggering, notification broadcasting,voting management and resolution delivery. The example system includes:one or more server devices (AT*S) (one or more electronic entities) incommunication through a network with the third party service providersaffiliated to the program (hereinafter “Sources”); one or more serverdevices (AV*S) (these form the computerized authorization system) incommunication with client devices (the electronic authorization devices)over the Internet; the private network infrastructure to communicateAT*S devices with AV*S devices; wherein the electronic softwarecomprises a series of instructions configured for: receiving an alarmtriggering request (ATR) on a AT*S device from one of the Sources (anelectronically-made request); passing onto the AV*S devices thepertinent section of the ATR received; transmitting informationalmessages via the Internet towards the client devices of the alarmrecipients (hereinafter “Recipients”); collecting votes (indication ofauthorization) from the intended Recipients and sending their electionsover the Internet to an AV*S device; wherein in response to receivingthe minimum required number of votes to reach a verdict or afterexhausting the period of time specified in the ATR, the system performsthe following: updating the storage mediums accessed by the trackingservices available to the Sources; and calling-back the triggeringSource to inform about the resolution of the action.

In one embodiment of the present invention, a centralized alarm methodis provided for temporarily blocking electronic activities andcollecting further authorization before deciding whether to conduct orabort the original activities, the method comprising: receiving, from areliable source, a description of an activity which is currently paused,waiting for the authorization of one or more users enrolled in theprogram; receiving, in addition, the minimum number of endorsementsrequired from the intended recipients, a period of time delimiting thevalid interval to cast a vote on the action, and the proper channels tocommunicate the final resolution back to the source; dispatching anotification of the alarm to each of the intended recipients andaccepting their votes upon proper authentication of their identities;offering to the recipients the possibility to veto the action, as atechnique to report and immediately abort a fraudulent activity;computing the votes supplied and determining the resolution of the poll,whether by reaching a verdict or by means of time exhaustion; informingthe source about the authoritative decision on whether to proceed or toabort the current activity;

An auto-response mechanism may be provided to automatically cast a voteon behalf of a requested recipient according to certain rules, theconfiguration stated by the user in his or her profile and thecharacteristics of the current activity.

A tracking service may be provided to allow the sources of activities toquery for status updates and resolution availability on their triggeredalarms.

Default callback channels may be stored to notify the sources of thefinal decision when no channel is included in the triggering request.

In another embodiment of the present invention, a centralized blockingalarm system is provided to enhance control and authorization on anysort of electronic activities conducted over an affiliated third partysystem, the system comprising: one or more server modules (AT*S) incommunication through a network with the third party service providersaffiliated to the program; one or more server modules (AV*S) incommunication with one or more client devices over the Internet; whereinthe electronic software comprises a series of instructions configuredfor: receiving an alarm triggering request (ATR) on a AT*S module fromone of the Sources; passing onto a AV*S module the pertinent section ofthe ATR received; transmitting informational messages via the Internettowards the client devices of the alarm recipients; collecting votesfrom the intended recipients and sending their elections over theInternet to a AV*S module; wherein in response to receiving the minimumrequired number of votes to reach a verdict or after exhausting theperiod of time specified in the ATR, a AT*S module informs theaffiliated third party system of the resolution of the action.

The AT*S and AV*S modules may reside distributed in several serverdevices, further comprising the private network infrastructure andsoftware to communicate AT*S devices with AV*S devices in a real-timemanner.

The system may further comprise an auto-response module to automaticallycast a vote on behalf of a requested recipient.

The system may further comprise a rule evaluation engine to allow morecomplex auto-vote settings per recipient, according to the serviceprovider that triggered the alarm, the kind of activity involved, thedate and time, among other criteria.

The system may further comprise a tracking service for allowing serviceproviders to poll for status updates and resolution availability ontheir triggered alarms.

The client device (predetermined electronic authorization device) may bea cell phone, a tablet, a personal computer, or any other kind ofInternet connection capable device, whether a commercial general-purposedevice or a specialized piece of hardware.

In an aspect of specific embodiments of the present invention, there isprovided a computerized authorization system configured to authorizeelectronically-made requests to an electronic entity, the computerizedauthorization system comprising: a store configured to store anindication of at least one predetermined electronic authorization deviceconfigured to authorize each electronically-made request; thecomputerized authorization system being further configured such that: inresponse to receiving an electronically-made request to the electronicentity, an indication of the request is output to the at least onepredetermined electronic authorization device configured to authorizethe request as indicated in the store; and in response to receiving anindication of authorization from the at least one predeterminedelectronic authorization device, an indication of authorization of therequest is output to the electronic entity.

The computerized authorization system may be further configured suchthat if an indication of authorization of the request is not receivedfrom the at least one predetermined electronic authorization devicewithin a predetermined time an indication that the request is rejectedis sent to the electronic entity.

The computerized authorization system may be further configured toreceive an indication from the at least one predetermined electronicauthorization device that the electronically-made request is fraudulent.

The computerized authorization system may be further configured suchthat, in response to receiving the indication from the at least onepredetermined electronic authorization device that theelectronically-made request is fraudulent, an identity request is madeto identify the electronic device that made the electronically-maderequest and/or a user of the electronic device.

The identity request may comprise a signal being sent to the electronicdevice that made the electronically-made request, to capture an image ofa user of the electronic device.

The at least one predetermined electronic authorization device may be adifferent device to an electronic device that makes theelectronically-made request.

The computerized authorization system may be configured to send theindication of the electronically-made request to the electronic entityto a plurality of predetermined electronic authorization devicesconfigured to authorize the request.

The indication of authorization may be sent to the electronic entity inresponse to receiving an indication of the authorization from apredetermined number of a plurality of predetermined electronicauthorization devices.

The store may be configured to store the predetermined number of theplurality of predetermined electronic authorization devices.

The computerized authorization system may be further configured toautomatically send an indication of authorization of the request to theelectronic entity if at least one predetermined criteria are met.

A store may be configured to store the at least one predeterminedcriteria.

The at least one predetermined criteria may be set by the at least onepredetermined electronic authorization device.

The computerized authorization system may comprise a plurality ofcomputers and/or servers on a network.

In another aspect of specific embodiments of the present invention,there is provided a computerized authorization method, the computerizedauthorization method comprising: in response to receiving anelectronically-made request to an electronic entity, sending anindication of the request to at least one predetermined electronicauthorization device as indicated in a store; and in response toreceiving an indication of the authorization from the at least onepredetermined electronic authorization device as indicated in the store,sending an indication of authorization of the request to the electronicentity.

The computerized authorization method may further comprise sending anindication that the request is rejected to the electronic entity if anindication of authorization of the request is not received from the atleast one predetermined electronic authorization device within apredetermined time.

The computerized authorization method may further comprise receiving anindication from the at least one predetermined electronic authorizationdevice that the electronically made request is fraudulent.

The computerized authorization method may further comprise in responseto receiving the indication from the at least one predeterminedelectronic authorization device that the electronically-made request isfraudulent, making an identity request to identify the electronic devicethat made the electronically-made request and/or a user of theelectronic device.

The identity request may comprise sending a signal to the electronicdevice that made the electronically made request, to capture an image ofa user of the electronic device.

The at least one predetermined electronic authorization device may be adifferent device to a device that makes the electronically-made request.

The computerized authorization method may comprise outputting theindication of the electronically-made request to the electronic entityto a plurality of predetermined electronic authorization devicesconfigured to authorize the request.

The computerized authorization method may comprise sending theindication of authorization to the electronic entity in response toreceiving an indication of the authorization from a predetermined numberof the plurality of predetermined electronic authorization devices.

The computerized authorization method may comprise storing thepredetermined number of the plurality of predetermined electronicauthorization devices in the store.

The computerized authorization method may further comprise automaticallysending an indication of authorization of the request to the electronicentity if at least one predetermined criteria are met.

The computerized authorization method may further comprise storing theat least one predetermined criteria in a store.

The at least one predetermined electronic authorization device may beset the at least one predetermined criteria.

The computerized authorization method may be carried out by a pluralityof computers and/or servers on a network.

In a further aspect of specific embodiments of the present invention,there is provided an electronic authorization device, the electronicauthorization device comprising: an input to receive, from acomputerized authorization system, an indication of anelectronically-made request to an electronic entity from a differentelectronic device; a user interface configured to indicate theindication of the electronically-made request and to allow a user toauthorize the request; and an output to output an indication ofauthorization of the request to the computerized authorization system;the electronic authorization device being configured such that: inresponse to receiving the indication of the electronically-made requestat the input, the user interface indicates the electronically-maderequest; and in response to a user authorizing the request, outputtingfrom the output an indication of authorization of the request to thecomputerized authorization system.

In a yet further aspect of specific embodiments of the presentinvention, there is provided a computer-readable medium containing a setof instructions to cause a computer to perform a method comprising: inresponse to receiving an electronically made request to an electronicentity, sending an indication of the request to at least onepredetermined electronic authorization device as indicated in a store;and in response to receiving an indication of the authorization from theat least one predetermined electronic authorization device as indicatedin the store, sending an indication of authorization of the request tothe electronic entity.

BRIEF DESCRIPTION OF DRAWINGS

The invention will be described in more detail, by way of example, withreference to the accompanying drawings, in which:

FIG. 1 is a flowchart illustrating the blocking alarm high-levelbehavior according to embodiments of the invention;

FIG. 2 illustrates a schematic block diagram of an exemplary computingenvironment operable to execute disclosed embodiments of the invention;

FIG. 3 illustrates an exemplary sequence analysis of blocking alarms inaccordance with disclosed embodiments of the invention;

FIG. 4 is a diagram illustrating the measures for defeating the man inthe middle scheme according to embodiments of the invention;

FIG. 5 is a diagram illustrating a method to exercise a morefine-grained control over the authorization of financial transactionsaccording to embodiments of the invention;

FIG. 6 illustrates a visual representation of a single-voteself-authorized blocking alarm according to embodiments of theinvention;

FIG. 7 illustrates a visual representation of a multi-vote supervisedblocking alarm according to embodiments of the invention;

FIG. 8 is a state chart illustrating the voting mechanism behavioraccording to embodiments of the invention;

FIG. 9 is a diagram illustrating a method to exercise cooperativeparental control in accordance with disclosed embodiments of theinvention;

FIG. 10 is a diagram illustrating two variants of a resolution deliveryprocess according to embodiments of the invention;

FIG. 11 is a diagram illustrating the resilience of the system tooffline environments in accordance with disclosed embodiments of thepresent invention; and

FIG. 12 illustrates a screen display of an electronic authorizationdevice embodying an aspect of specific embodiments of the presentinvention.

DETAILED DISCLOSURE

Various detailed embodiments of the present invention are disclosedherein, however, it is to be understood that the disclosed embodimentsare merely exemplary of the invention which may be embodied in variousforms. Therefore, specific structural and functional details disclosedherein are not to be interpreted as limiting, but merely as arepresentative basis for teaching one skilled in the art to employ thepresent invention in a variety of manners.

The word “exemplary” is used herein to mean serving as an example,instance, or illustration. Any aspect or design described herein as“exemplary” is not necessarily to be construed as preferred oradvantageous over other aspects or designs.

As used in this application, the terms “component”, “module”, “system”,and the like are intended to refer to a computer-related entity, eitherhardware, a combination of hardware and software, software, or softwarein execution.

In some cases, well-known structures, techniques, or operations are notshown or described in detail in order to avoid obscuring aspects ofspecific embodiments of the invention. Furthermore, the describedfeatures, structures, or characteristics may be combined in any suitablemanner in one or more embodiments.

Referring initially to FIG. 1, illustrated is the blocking alarmhigh-level behavior, according to embodiments of the invention, in theform of a flowchart 100. At step 101 of the flowchart an action isinitiated at an external system enrolled in the centralized blockingalarm (CBA) program. In other words, an electronically-made request ismade by an electronic device to an electronic entity. If, as stated bythe configuration settings on the third party system, the action demandsfurther authorization, the client CBA software (computerizedauthorization system) triggers an alarm and a poll is set up to decideon the pertinence of the action 102. In other words, an indication ofthe request is sent to predetermined electronic authorization devices asindicated in a store (hard disk drive or memory, for example) of the CBAor computerized authorization system.

Subsequently, when one of the intended recipients (predeterminedauthorization devices) emits a vote on the issue 103 (sends anindication of authorization of the request, typically by entering a PINinto the authorization device), the CBA system analyzes the pollresults. In the event the minimum number of endorsements orauthorizations required is not yet reached though still feasible(decision block 104 is “Yes”), the enquiry is kept active and in pendingresolution status. Otherwise, when the activity requires no furthervotes to be solved (decision block 104 is “No”), the associated poll isclosed and the result of the scrutiny is notified back to the sourcesystem 105 (electronic entity to whom the request was made).

Concurrently, a CBA or computerized authorization system componentmonitors the life span of the alarm. If the timeout period or life spanelapsed prior to completion of the operation 106, the system signals arejection on an interval exhaustion basis 107; which is, consequently,notified to the originator 105 (electronic entity to whom the requestwas made).

Continuing with the flowchart of FIG. 1, once a client CBA module on athird party system receives an authorization response from the CBAserver (all forming the computerized authorization system), theaffiliated system (electronic entity) would act accordingly to eitherfulfill or abort the activity (electronically-made request) whichtriggered off the alarm 108.

FIG. 2 illustrates a schematic block diagram of an exemplary computingenvironment operable to execute the disclosed embodiments. The serviceproviders enrolled in the CBA program house alarm triggering clients(AT*C) 201, 202, 203 (electronic entities, such as computers or seversproviding banking services, or computers or servers providing otherinternet services such as e-mail or social networking)) to interact withthe server side components 204 (part of the computerized authorizationsystem) made available to them. Embodiments of the invention are equallyeffective in scenarios in which the service provider is a commercialbank or other financial institution 201, as well as an electroniccommerce website 202 or any sort of business 203 demanding complementaryauthorization over a secure channel of the activities performed by itsclients.

The AT*C (electronic entities) may be implemented in software, firmware,hardware or some combination thereof. In one embodiment, the AT*Ccommunicates with the alarm triggering services (AT*S) 204 over HTTPS,sending requests, properly signed with the provider credentials, to theweb services depicted in the application programming interface (API) orRESTful API of the system. In alternative embodiments, as will beappreciated by those skilled in the art, a number of other networkprotocols, and/or AT*S API implementations are capable of facilitatingcommunications between the various third party providers and the system.

Still referring to FIG. 2, the AT*S modules 204 are responsible for allthe interaction with the service providers enrolled in the CBA program.In a preferred embodiment, an isolated farm of server devices houses theAT*S modules 204, accessible only to affiliated systems via private URLsassigned to each of them, with further restrictions enforced throughIP-range firewall rules and/or controlled access over a TCP/IP compliantvirtual private network (VPN).

The AT*S 204 cooperates with the server modules in charge of resolvingthe authoritative response on the triggered action: the alarm votingservices (AV*S) 206 (another part of the computerized authorizationsystem). In a distributed environment, the AT*S communicates with theAV*S server devices via a remote messaging platform over a variety ofsupported network protocols 205. In an alternative single-serverembodiment (of the computerized authorization system), the triggeringand voting services interact over some sort of interprocesscommunication (IPC); or even, in a monolithic approach, the logical AT*Sand AV*S components may share the same physical process space.

Continuing with the diagram of FIG. 2, the AV*S modules 206 inform thealarm recipients or recipients devices (electronic authorizationdevices) over the Internet, or a telephone network, or any other similarcommunication network 207. The recipients devices house alarm votingclients (AV*C) 208, 209, 210, 211 capable of receiving, decrypting anddisplaying the alarm notification (electronically-made request) to thefinal users, as well as collecting and transmitting their votes (sendingan indication of authorization) in a secure manner back to the AV*S 206.The client device housing the AV*C may either be a tablet 208, a cellphone 209, a personal computer 210, or any other kind of connectioncapable device 211, whether a commercial general-purpose device or aspecialized piece of hardware.

The AV*C may be implemented in software, firmware, hardware or somecombination thereof. In one embodiment, the AV*C communicate with thealarm voting services (AV*S) 206 over an application layer protocol onthe TCP/IP stack (HTTP or the like), in conjunction with Secure SocketsLayer (SSL)/Transport Layer Security (TLS) protocols to provide mutualauthentication of the parties involved. In a preferred implementation,the AV*C are deployed on native applications for Windows, iOS, Androidor any other operating system, instead of a browser-based thin-clientapproach, to guarantee that the AV*S certificate message provides avalid certificate chain, leading to an acceptable certificate authority(CA) according to the public key infrastructure (PKI) of the system.

FIG. 3 illustrates an exemplary sequence analysis of blocking alarms inaccordance with specific embodiments. The process begins when a user(“Actor”) initiates an action 301 or electronically makes a request toor in a third party system (“Source”) or electronic entity enrolled inthe centralized blocking alarm (CBA) program (uses the computerizedauthorization system).

At step 302, the “Source” determines, according to its business rulesand configuration settings, whether the action demands furtherauthorization (from the computerized authorization system); as well asif the “Actor” supports complementary approval of the activity via theCBA system, as indicated by his or her account profile.

In the event the CBA system (CBAS) intervention is required, the“Source” temporarily suspends the execution of the current activity andtriggers an alarm 303 in the CBAS. The alarm triggering request (ATR)may include, but is not limited to, the “Actor” identity information,the “Source” CBA affiliate identifier, the code and/or name of theaction that triggered the alarm, a detailed description of the action,the CBA identifiers of the voting authorities (“Recipients” orpredetermined electronic authorization devices, the identities oridentifiers of which are stored in a store of the CBAS), the minimumnumber of endorsements required and a timeout interval for the poll.Additionally, the ATR may include callback specifications to inform the“Source” about the operation progress or of its final resolution, aswell as a stock-keeping unit (SKU) attached to the operation by the“Source” for tracking or reporting purposes.

Continuing with the diagram of FIG. 3, the CBAS, upon reception of therequest, applies the auto-vote rules 304 relevant to the ATR, accordingto the configuration stated by the “Recipients” in their profiles.Concurrently, an active component, running under its own thread ofexecution, monitors alarms 305 to signal and close those where thetimeout period has elapsed before receiving enough votes to reach averdict, typically due to inaccessible or unconcerned votingauthorities.

At step 306, the CBAS notifies the “Recipients” of the alarm by sendingthem request for vote (RFV) messages (sending an indication of theelectronically-made request). The CBAS assembles the RFV out of theinformation in the ATR combined with the “Source” data in the repositoryof affiliated service providers. The RFV may include, but is not limitedto, an alarm identifier internal to the system, the “Actor” and “Source”identity information, a human-readable name of the action that triggeredthe alarm, a detailed description of the action, the date and time whenthe alarm was triggered, and the closing/expiry date and time of thevoting request.

The “Recipients” cast their votes 307 endorsing (authorizing), objectingor vetoing the activity under consideration (typically, endorsing, byentering a PIN on their user-interface and objecting or vetoing byselecting appropriate buttons). The CBAS enforces, as a precondition toconcede the right to vote, that the poll is still active: unresolved,according to the minimum number of endorsements stated in the ATR; andunexpired, in accordance with the triggering date and the timeoutinterval specified. In a preferred embodiment, voting or sensitivevoting (i.e. endorsement) demands from the recipient furtherauthentication, requesting the input of a shared secret, such as apersonal identification number (PIN) or a one-time password (OTP).

Still referring to FIG. 3, once a verdict has been reached or the alarmhas expired, the CBAS informs the “Source” (electronic entity) of theresults 308, which would act accordingly to either allow or block theaction 309, so far temporarily suspended. The “Source” discretionarilyinforms the “Actor” 310 (electronic device that makes an electronicrequest) of the authorization resolution.

FIG. 4 is a diagram illustrating the measures for defeating a man in themiddle scheme according to specific embodiments of the invention. Thediagram conceptually demonstrates an attack that can be carry out on anunsuspecting user 401, who wishes to connect to a sensitive networksite, herein exemplified by the service provider 406 (electronicentity), with which the customer 401 has an account. However, instead ofdirectly entering the URL into a personal computer 402, user 401 clicks,for instance, on a link received on an e-mail message, which the userbelieves to have come from the service provider 406 because indiciaappearing in the message conveys the impression that this is the case.Unfortunately though, the e-mail is a forgery sent out by an attackerfor fraudulently routing the user's network connection through ananonymous proxy server 404.

It will appreciated by those skilled in the art that the methoddescribed, widely known as phishing, is only one way in which aman-in-the-middle (MITM) attack can be perpetrated. Many variants orsimilar attacks are possible, for example: placing Trojan code on acustomer PC, corrupting a user host file, keylogging, setting up a rogueWi-Fi access point or gaining access to a Domain Name Server (DNS),among others.

Returning to the discussion of FIG. 4, if the attacker has obtained alegitimate certificate for proxy server 404, and thereby opens an SSLsession over secure channel, the user 401 experience is perfectlynormal, thereby confirming the user's falsified confidence in thelegitimacy of the operations conducted by the service provider 406.

As indicated by 403, the customer 401 submits the request supposedly toserver 406 (the service provider or electronic entity). Theman-in-the-middle (MITM) 404 intercepts the request, modifies therequest by substituting fraudulent data in place of the genuine details(gray circles 403 to black diamonds 405), and forwards on the modifiedrequest 405 to the service provider 406.

In step 407, the service provider 406 issues a transaction confirmationmessage to the customer, which is intercepted by the MITM process 404and relayed to the customer in step 408. Again, if the payload includesa copy of the transaction details, the MITM 404 substitutes back in theoriginal customer transaction details (gray circle in 408 instead ofblack diamond in 407), so that the customer 401 remains unaware of thetrue transaction that is going to occur.

The aforementioned MITM attack is exceptionally complex to notice untila later statement is received by the user. Additionally, since theservice provider records show that a genuine customer logged in andrequested an action that was validated, it may be difficult for acustomer to prove that they were not party to the fraudulent transactionthat occurred.

However, still referring to FIG. 4, as the service provider 406 enrolledin the CBA program embodying the present invention, it temporarilysuspends the transaction altered by the MITM 404, while triggering ablocking alarm 409 to request further authorization from user 401 beforeallowing the action to proceed.

The centralized blocking alarm system (CBAS) 410 issues a request forvote (RFV) notification 411 containing the fraudulent data injected bythe MITM (black diamonds at 411). The customer 401 receives the RFV overa secure network channel, to a predetermined electronic authorizationdevice either personal computer 402 where the action was initiated, orin a separate hardware device 412 (such as a cell phone or smart phone);being able to perceive the threat and abort the transaction. Hence, theCBAS 410 offers user 401 the possibility to detect, block and report theMITM 404 attack.

FIG. 5 is a diagram illustrating a method to exercise a morefine-grained control over the authorization of financial transactions.At the first step the cardholder 501 initiates a credit or debit cardtransaction in, for example, a petrol station 502. When the card isswiped through the card reader, the identity of the point-of-sale andthe value of the goods or services being purchased is transmitted 503 tothe back-end computer network operated by the card issuer 504(electronic entity).

In this example, the cardholder is enrolled in the financial institutioncentralized blocking alarm (CBA) program, and thus the card issuer 504temporarily blocks the transaction and the CBA client software runningin the financial institution network submits an alarm triggering request(ATR) associated to the current operation. The ATR is typically anencrypted XML string sent over a private secure channel 505 allocated toeach of the subscribed service providers.

The CBA system 506 assembles request for vote (RFV) messages 507addressed to the proper recipients, according to the ATR received andrelated settings established by the service provider and the usersinvolved. In the exemplary embodiment, authorization is requested onlyfrom the cardholder 501 (an indication of the request is only sent tothe cardholder's predetermined electronic authorization device), whoreceives the RFV and responds accordingly by means of the predeterminedelectronic authorization device, such as a cell phone, a tablet, aspecialized piece of hardware or any other sort of connection capableclient device 508. The client component (electronic authorizationdevice) 508 is preferably connected to the server (CBA system orcomputerized authorization system 506) by data transmission link, suchas the Internet; though non-Internet based voting may be handled, suchas by telephone, through the touchtone keypad of the phone, or byresponding orally wherein the system utilizes voice recognition software(IVR).

The cardholder 501 examines, in his or her client device 508, thetransaction information comprised in the RFV 507. An exampleillustration of the display or user interface 1200 of the client deviceis in FIG. 12. The display or user interface is configured to indicateor display the indication of an electronically-made request. In thisexample, the request includes the electronic entity or financialinstitution to whom the request is made 1202 (in this example,www.oceancard.com), the date 1204 (in this example, 08/03/2012) and time1206 (in this example, in the format of hours:minutes:seconds, in theexample case, 13:34:59), and details of the request 1208 (in thisexample, a transfer of £300 to Mr. John Manson). The user interface alsoallows a user to authorize the request or vote for it. The userinterface includes a keypad display 1210 and the user authorizes therequest or votes for it by entering their personal identification number(PIN) on the numerals 0 to 9 on the keypad. In this example, a 5-digitPIN is required. Once a user's PIN has been entered, the request isauthorized by selecting “Agree” button 1212 in the user interface. Theuser interface includes a “Reject” button 1214. If the user wishes toreject the request (for example, because it is erroneous rather thanfraudulent), selecting the “Reject” button sends an appropriate signalto the electronic entity to whom the request is made. The user interfaceincludes a “Mix it” button 1216 (in this example, between the “Agree”and “Reject” buttons). Selecting the “Mix it” button causes the numerals0 to 9 indicated on the keypad to be randomly or pseudo-randomlydisplayed on the keys of the keypad. This is an extra security feature.

The user interface 1200 includes an arrangement to report that theelectronically made request is fraudulent. In order for a user to reporta fraudulent request, in this example, in the user interface an image1218 is dragged onto an image of a cell 1220 by the user. As a result,an indication of fraudulent activity is sent or transmitted to theelectronic entity. In response to receiving the indication from the atleast one predetermined electronic authorization device that theelectronically made request is fraudulent, an identity request is madeby the electronic entity to identify the electronic device that made theelectronically made request and/or a user of the electronic device. Inthis example, the identity request comprises a signal being sent to theelectronic device that made the electronically made request, to capturean image of a user of the electronic device. For example, to command acamera on the electronic device to take a picture of the user.

In this example, if an indication of authorization of the request is notreceived from the predetermined electronic authorization device orclient device within a predetermined time the request is automaticallyrejected. The time remaining 1222 of the predetermined time is shown inthe user interface 1200, in this example, in the formatminutes:seconds:hundredths of seconds and, in this example, 0 minutes,49 seconds and 37 hundredths of seconds remain.

Returning to FIG. 5, if the user 501 emits a vote on the action or afterthe period of time specified in the ATR 505 is exhausted, the CBA systeminforms the card issuer 504 of the decision 509. Upon receipt of theauthorization response, the financial institution issues a signal 510back to the card reader to indicate whether the transaction is allowedto proceed or not.

FIG. 6 illustrates a visual representation of a single-voteself-authorized blocking alarm, a scenario similar to the one depictedin FIG. 5. The user 601 initiates an action 602 in a service provider603 (electronic entity) that transmits an ATR 604 to the CBAS 605(computerized authorization system), which in turn sends a single RFV606 to the same user 601 who invoked the initial action. In thisscenario only one vote 607 influences the authorization 608 of theactivity, and the user receives feedback 609 about a decision taken byherself on the CBAS.

In contrast, FIG. 7 illustrates a visual representation of a multi-votesupervised blocking alarm. The same as in the previous diagram, the user701 initiates an action 702 in a service provider 703 (electronicentity) that transmits an ATR 704 to the CBAS 705 (computerizedauthorization system). However, in this scenario there are multiplevoting authorities 707 stated in the ATR 704, none of them being user701.

The CBAS 705 sends an RFV 706 to each of the intended recipients 707 andcollects their votes 708 on the alarm. Upon reaching a verdict, the CBAStransmits the results 709 to the source system 703, which in turn sendsa notice 710 to user 701. In this scenario the collective decision 709achieved by the voting authorities 707 depicts a technique to enforceregulatory supervision on the user 701 activities in accordance withembodiments of the invention. It is up to the ATR to state the minimumnumber of endorsements (predetermined number of authorizations from apredetermined number of electronic authorization devices) required toauthorize the action; for instance, at least one, or a majority, or allof the recipients (predetermined electronic authorization devices).

FIG. 8 is a state chart illustrating the voting mechanism behavioraccording to specific embodiments of the invention. At step 801, uponreception of an alarm triggering request (ATR) (electronically-maderequest), a poll is setup in the system to conduct the authorizationsurvey. Initially the poll is in an open state 802 and accepting votesfrom the recipients of the alarm.

If a voting authority either endorses 803 (accepts) or objects 804 therequest, the system computes 807 the votes cast so far to decide whetherthe poll is still pending 808 and remains open 802, or has already beensolved 809 and should be closed 810. An alarm is regarded as pendingwhen the minimum number of endorsements required is not yet reachedthough still feasible. Otherwise, the alarm is regarded as solved,either by acceptance (required endorsements reached) or by rejection(requirements no longer attainable).

Continuing with the diagram of FIG. 8, a recipient may veto 805 therequest. A veto, in accordance with the disclosed invention, is atechnique to report and immediately abort fraudulent activities. Whilean objection 804 is a plain disagreement statement, subject to beoutweighed by the votes of the other recipients; a veto unilaterallybans the request, closes the poll 810 and transmits a warning message tothe service provider enrolled in the CBA program,

Finally, the poll associated to the request may pass from an open 802 toa closed 810 state when a timeout 806 is signaled by the alarm life spanmonitor, according to the interval specified in the ATR. Once the votingmechanism ends, the source system is notified of the process results811.

FIG. 9 is a diagram illustrating a method to exercise cooperativeparental control in accordance with embodiments of the presentinvention. At the first step a child or minor 901 initiates a sensitiveaction in a third party system affiliated to the CBA program(computerized authorization system). In one scenario, the minor'sactivities may be related to online shopping 902 on a CBA-capable store906, which in turn sends an ATR to the blocking alarm system (CBAS) 909.In a different scenario the alarm may be triggered when the child 901attempts to retrieve restricted online content 907, in accordance withthe security policies of a proxy server 903 limiting access to certainwebsites or network content that the parent may deem inappropriate forthe child.

Further, in another aspect, a financial institution 904 may place theATR in the CBAS 909 when the child 901 initiates a credit or debit cardtransaction. Still further, a TV parental control infrastructure 905,providing a lockout feature on a cable box or other customer mediacontroller, may be enrolled in the CBA program and triggers alarms inthe centralized system 909.

Regardless of the source system, the CBAS is instructed 908 to send arequest for vote (RFV) 910 to electronic devices of one of the parentsor to both of them 911, 912, depending on the behavior stated in theATR. The third party system controls, by properly setting in the ATR theminimum endorsements required, whether a single-parent acceptanceauthorizes the action or if both parents must approve it to proceed.

FIG. 10 illustrates two variants of the resolution delivery processaccording to specific embodiments of the invention. In the firstalternative, a service provider enrolled in the CBA program (the“Source” or electronic entity) triggers an alarm 1001. The centralizedblocking alarm system (CBAS) (computerized authorization system) awaitsuntil an authoritative decision has been reached 1002 and then invokesthe pertinent callback 1003 on the “Source” system. The callbackresolution process will be described in more detail below.

In the second alternative, once the “Source” or electronic entitytriggers an alarm 1004, the CBAS includes polling directives in itsresponse. In a preferred embodiment, the CBAS or computerizedauthorization system supplies a uniform resource locator (URL) so the“Source” can repeatedly issue requests to be informed about theoperation progress. Continuing with the diagram of FIG. 10, while theCBAS is computing the votes casted 1005, the “Source” polls for status1006 until a verdict is reached and the CBAS includes the decision inthe response 1007.

Still referring to FIG. 10, the callback resolution process initiallyattempts to resolve 1008 the “Source” notification channel according tothe information 1009 included in the alarm triggering request (ATR). Inthe event the current ATR does not contains the callback specificationsegment, the CBAS falls back 1010 to the channels specified in the“Source” affiliated profile 1011.

FIG. 11 illustrates the resilience of the computerized authorizationsystem to offline environments in accordance with embodiments of thepresent invention. Initially, a user enrolled in the CBA program 1101,while being in an online environment, modifies his or her auto-votesettings before going on vacation to a place out of reach of the CBAnetwork, whatever the CBA network embodiment is. The user 1101 instructsthe CBAS 1104 (computerized authorization system) to cast anauto-acceptance vote 1102 on every alarm triggered by the financialinstitution (electronic entity) responsible for his or her credit card,as long as the action informed in the alarm triggering request (ATR) isinitiated by a physical point-of-sale (POS). Furthermore, the userinstructs the system to otherwise cast an auto-rejection vote 1103 onany e-commerce transaction; this second configuration being not strictlynecessary, as the CBA system would reject timed out alarms.

In a second stage, the user being on vacation in an offline environment1105 is allowed to use his or her credit card at any POS, since the ATRissued by the financial institution 1106 is auto-accepted 1108 by theCBAS, in accordance with the auto-response settings 1107 previouslystated by the user. If, meanwhile, a fraudster 1109 attempts to conductan operation on an electronic commerce business 1110; the CBASautomatically rejects 1112 the transaction, as instructed 111 by thecurrent configuration of the user.

Aspects of the invention may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by a computer. Generally, program modules include routines,programs, objects, components, data structures, etc., that performparticular tasks or implement particular abstract data types. Moreover,those skilled in the art will appreciate that the invention may bepracticed with a variety of computer-system configurations, includingmultiprocessor systems, microprocessor-based or programmable-consumerelectronics, minicomputers, mainframe computers, and the like. Anynumber of computer-systems and computer networks are acceptable for usewith the present invention.

Specific hardware devices, programming languages, components, processes,protocols, and numerous details including operating environments and thelike are set forth to provide a thorough understanding of the presentinvention. In other instances, structures, devices, and processes areshown in block-diagram form, rather than in detail, to avoid obscuringthe present invention. But an ordinary-skilled artisan would understandthat the present invention may be practiced without these specificdetails. Computer systems, servers, work stations, and other machinesmay be connected to one another across a communication medium including,for example, a network or networks.

As one skilled in the art will appreciate, embodiments of the presentinvention may be embodied as, among other things: a method, system, orcomputer-program product. Accordingly, the embodiments may take the formof a hardware embodiment, a software embodiment, or an embodimentcombining software and hardware. In an embodiment, the present inventiontakes the form of a computer-program product that includescomputer-usable instructions embodied on one or more computer-readablemedia.

Computer-readable media include both volatile and nonvolatile media,removable and nonremovable media, and contemplate media readable by adatabase, a switch, and various other network devices. By way ofexample, and not limitation, computer-readable media comprise mediaimplemented in any method or technology for storing information.Examples of stored information include computer-usable instructions,data structures, program modules, and other data representations. Mediaexamples include, but are not limited to, information-delivery media,RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM,digital versatile discs (DVD), holographic media or other optical discstorage, magnetic cassettes, magnetic tape, magnetic disk storage, andother magnetic storage devices. These technologies can store datamomentarily, temporarily, or permanently.

The invention may be practiced in distributed-computing environmentswhere tasks are performed by remote-processing devices that are linkedthrough a communications network. In a distributed-computingenvironment, program modules may be located in both local and remotecomputer-storage media including memory storage devices. Thecomputer-usable instructions form an interface to allow a computer toreact according to a source of input. The instructions cooperate withother code segments to initiate a variety of tasks in response to datareceived in conjunction with the source of the received data.

The present invention may be practiced in a network environment such asa communications network. Such networks are widely used to connectvarious types of network elements, such as routers, servers, gateways,and so forth. Further, the invention may be practiced in a multi-networkenvironment having various, connected public and/or private networks.

Communication between network elements may be wireless or wireline(wired). As will be appreciated by those skilled in the art,communication networks may take several different forms and may useseveral different communication protocols. And the present invention isnot limited by the forms and communication protocols described herein.

While the preferred embodiments to the invention has been described, itwill be appreciated to those having skill in the art, that many changesmay be made to the details without departing from the underlyingprinciples of the invention. The scope of the present invention should,therefore, be determined only by the following claims.

1. A computerized authorization system configured to authorize electronically-made requests to an electronic entity, the computerized authorization system comprising: a store configured to store an indication of at least one predetermined electronic authorization device configured to authorize an electronically-made request to an electronic entity; the computerized authorization system being further configured such that: in response to receiving the electronically-made request to the electronic entity, an indication of the electronically-made request to the electronic entity is output to the at least one predetermined electronic authorization device configured to authorize the electronically-made request to the electronic entity as indicated in the store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device, an indication of authorization of the electronically-made request to the electronic entity is output to the electronic entity.
 2. A computerized authorization system according to claim 1, further configured such that if the indication of authorization of the electronically-made request to the electronic entity is not received from the at least one predetermined electronic authorization device within a predetermined time an indication that the electronically-made request to the electronic entity is rejected is sent to the electronic entity.
 3. A computerized authorization system according to claim 1, further configured to receive an indication that the electronically-made request to the electronic entity is fraudulent from the at least one predetermined electronic authorization device.
 4. A computerized authorization system according to claim 3, further configured such that, in response to receiving the indication that the electronically-made request to the electronic entity is fraudulent from the at least one predetermined electronic authorization device, an identity request is made to identify an electronic device that made the electronically-made request to the electronic entity and/or a user of the electronic device that made the electronically-made request to the electronic entity.
 5. A computerized authorization system according to claim 4, wherein the identity request comprises a signal being sent to the electronic device that made the electronically-made request to the electronic entity, to capture an image of the user of the electronic device that made the electronically-made request to the electronic entity.
 6. A computerized authorization system according to claim 1, wherein the at least one predetermined electronic authorization device is a different device to an electronic device that made the electronically-made request to the electronic entity.
 7. A computerized authorization system according to claim 1, wherein the at least one predetermined electronic authorization device comprises a plurality of predetermined electronic authorization devices configured to send the indication of the electronically-made request to the electronic entity to the plurality of predetermined electronic authorization devices configured to authorize the electronically-made request to the electronic entity.
 8. A computerized authorization system according to claim 7, wherein the indication of authorization of the electronically-made request to the electronic entity is sent to the electronic entity in response to receiving an indication of the authorization from a predetermined number of the plurality of predetermined electronic authorization devices.
 9. A computerized authorization system according to claim 8, wherein the store is configured to store the predetermined number.
 10. A computerized authorization system according to claim 1, further configured to automatically send the indication of authorization of the electronically-made request to the electronic entity if at least one predetermined criteria are met.
 11. A computerized authorization system according to claim 10, wherein the store is configured to store the at least one predetermined criteria.
 12. A computerized authorization system according to claim 11, wherein the at least one predetermined criteria are set by the at least one predetermined electronic authorization device.
 13. A computerized authorization system according to claim 12, comprising a plurality of computers and/or servers on a network.
 14. A computerized authorization method, the computerized authorization method comprising: in response to receiving an electronically-made request to an electronic entity, sending an indication of the electronically-made request to the electronic entity to at least one predetermined electronic authorization device as indicated in a store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device as indicated in the store, sending an indication of authorization of the electronically-made request to the electronic entity to the electronic entity.
 15. A computerized authorization method according to claim 14, further comprising: sending an indication that the electronically-made request to the electronic entity is rejected to the electronic entity if an indication of authorization of the electronically-made request to the electronic entity is not received from the at least one predetermined electronic authorization device within a predetermined time.
 16. A computerized authorization method according to claim 14, further comprising receiving an indication that the electronically-made request to the electronic entity is fraudulent from the at least one predetermined electronic authorization device.
 17. A computerized authorization method according to claim 16, further comprising: in response to receiving the indication that the electronically-made request to the electronic entity is fraudulent from the at least one predetermined electronic authorization device, making an identity request to identify an electronic device that made the electronically-made request to the electronic entity and/or a user of the electronic device that made the electronically-made request to the electronic entity.
 18. A computerized authorization method according to claim 17, wherein the identity request comprises sending a signal to the electronic device that made the electronically-made request to the electronic entity, to capture an image of the user of the electronic device that made the electronically-made request to the electronic entity.
 19. A computerized authorization method according to claim 14, wherein the at least one predetermined electronic authorization device is a different device to an electronic device that made the electronically-made request to the electronic entity.
 20. A computerized authorization method according to claim 14, wherein sending an indication of the electronically-made request to the electronic entity to at least one predetermined electronic authorization device comprises sending the indication of the electronically-made request to the electronic entity to a plurality of predetermined electronic authorization devices, wherein the plurality of predetermined electronic authorization devices are configured to authorize the electronically-made request to the electronic entity.
 21. A computerized authorization method according to claim 20, wherein sending an indication of authorization of the electronically-made request to the electronic entity comprises sending the indication of authorization of the electronically-made request to the electronic entity to the electronic entity in response to receiving an indication of authorization from a predetermined number of the plurality of predetermined electronic authorization devices.
 22. A computerized authorization method according to claim 21, comprising storing the predetermined number in the store.
 23. A computerized authorization method according to claim 14, further comprising automatically sending an indication of authorization of the electronically-made request to the electronic entity to the electronic entity if at least one predetermined criteria are met.
 24. A computerized authorization method according to claim 23, further comprising storing the at least one predetermined criteria in the store.
 25. A computerized authorization method according to claim 24, further comprising the at least one predetermined electronic authorization device setting the at least one predetermined criteria.
 26. A computerized authorization method according to claim 14, wherein sending an indication of the electronically-made request to the electronic entity to at least one predetermined electronic authorization device as indicated in a store in response to receiving an electronically-made request to an electronic entity; and sending an indication of authorization of the electronically-made request to the electronic entity to the electronic entity in response to receiving an indication of authorization from the at least one predetermined electronic authorization device as indicated in the store is carried out by a plurality of computers and/or servers on a network.
 27. An electronic authorization device, the electronic authorization device comprising: an input to receive, from a computerized authorization system, an indication of an electronically-made request to an electronic entity from a different electronic device; a user interface configured to indicate the indication of the electronically-made request to the electronic entity and to allow a user to authorize the electronically-made request to the electronic entity; and an output to output an indication of authorization of the electronically-made request to the electronic entity to the computerized authorization system; the electronic authorization device being configured such that: in response to receiving the indication of the electronically-made request to the electronic entity at the input, the user interface indicates the indication of the electronically-made request to the electronic entity; and in response to the user authorizing the electronically-made request to the electronic entity, outputting from the output the indication of authorization of the electronically-made request to the electronic entity to the computerized authorization system.
 28. A computer-readable medium containing a set of instructions to cause a computer to perform a method comprising: in response to receiving an electronically-made request to an electronic entity, sending an indication of the electronically-made request to the electronic entity to at least one predetermined electronic authorization device as indicated in a store; and in response to receiving an indication of authorization from the at least one predetermined electronic authorization device as indicated in the store, sending an indication of authorization of the electronically-made request to the electronic entity to the electronic entity. 